Apple Watch
Wearables Fitness Trackers Reproductive Health Reproductive Health: Wearables

Apple Watch

Apple
Bluetooth

Review date: Nov. 9, 2022

|
Mozilla researched 8 hours
|

Mozilla says

|
People voted: Somewhat creepy

The Apple Watch still reigns supreme in the world of smart watches. You've got all your email, text, phone calls, music, podcasts, and more right there on your wrist (as long as you have an iPhone, of course). And it tracks lots of health data. There's heart rate, sleep tracking, steps, calories, blood oxygen levels, ECG, fall detection, and more. Apple has a pretty good track record of taking all this very personal data and keeping it safe, which we appreciate.

Update: In June 2022, after Roe vs Wade was overturned allowing US states to make access to abortion illegal, we took another look at the privacy and security of the Apple Watch as a device that can track menstrual cycle and reproductive health data. Our updated review is below. Overall, Apple does a pretty good job of protecting their users privacy and security and has a pretty good history as standing up to law enforcement requests for their users' data.

What could happen if something goes wrong?

Apple does a pretty good job with privacy and security as a company. They say they don't share your data for their own advertisement purposes and Apple takes special care to make sure your Siri requests aren't associated with you, which is great. Apple did face backlash in 2019 when it came to light their contractors were regularly listening in on confidential personal conversations when they were reviewing the voice assistant's recordings. Apple changed their policy so users weren't automatically opted-in to human voice review. Recently, Apple made another positive change for your Siri voice requests — many audio requests for things like setting timers or alarms or controlling music will no longer be sent over the internet to their servers, instead processing them directly on the device. This is better for your privacy.

This device does track a whole bunch of biometric data including your heart rate, blood oxygen levels, menstrual cycle, hearing, breathing, and your heart's electrical signals. That's a lot of personal information gathered in one place. A reminder, it’s always good to lock down the privacy on all this data as much as possible.

What is not good is what can happen with all this very personal health data if others aren't careful. A recent report showed that health data for over 61 million fitness tracker users, including both Fitbit and Apple, was exposed when a third party company that allowed users to sync their health data from their fitness trackers did not secure the data properly. Personal information such as names, birthdates, weight, height, gender, and geographical location for Apple and other fitness tracker users was left exposed because the company didn't password protect or encrypt their database. This is a great reminder that yes, while Apple might do a good job with their own security, anytime you sync or share that data with anyone else, it could be vulnerable. I don't know about you, but I don't need the world to know my weight and where I live. That’s really dang creepy.

Update, August 2022 following the overturn of Roe vs Wade protection reproductive health rights in the United States.
Apple does do a pretty good job with privacy, so that's good when it comes to using the Apple Health app for period and reproductive health tracking. And if users take the steps Apple recommends to protect this data, it should be fairly safe out there on the Cloud. Apple says, "
When your phone is locked with a passcode, Touch ID or Face ID, all of your health and fitness data in the Health app, other than your Medical ID, is encrypted. Any health data synced to iCloud is encrypted both in transit and on our servers. And if you have a recent version of watchOS and iOS with the default two-factor authentication and a passcode, your health and activity data will be stored in a way that’s unreadable to Apple." So lock those phones down, set up two-factor authentication, disable iCloud sharing of Apple Health data, and don't share any of those passcodes with anyone, ever.

And given Apple Health data can be synced with lots of third-party apps and companies, well, don't do that. The more you share this data, the more likely it can be that it will be vulnerable. Limit that sharing as much as you can!

Finally, Apple does have a pretty general statement about how they might share data with law enforcement in their privacy policy, which is kinda a bummer. They say, "We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. We may also disclose information about you where there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions or to protect our operations or users." Fortunately, Apple does have a pretty good track record at pushing back against law enforcement requests for data. However, they're still not perfect, as they recently gave up data to hackers who forged emergency data request legal documents.

So, while using an Apple Watch and Apple Health to track your period might be safer than other options, it's good to remember, it's still far from perfect and you should take all the precautions possible to protect your data and only share what you'd feel safe being on the internet.

Tips to protect yourself

  • Follow Apple's advice on how to secure Health data.
  • Restrict the amount of personal information like heart rate data that is shared by going to the Apple Watch app on your iPhone under Privacy > Health
  • Be very careful what third party companies you consent to share you health data with. If you do decided to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos).
  • Keep your app regularly updated.
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
  • If you no longer use your Apple Watch or give it to someone else, consider erasing your data. Open the Settings app on your Apple Watch. Go to General > Reset, tap Erase All Content and Settings, then enter your passcode.
  • mobile

Can it snoop on me? information

Camera

Device: No

App: Yes

Microphone

Device: Yes

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

"Apple does not sell your data including as 'sale' is defined in Nevada and California. "

"Apple uses personal data to power our services, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law. We may also use personal data for other purposes with your consent.

Apple uses your personal data only when we have a valid legal basis to do so. Depending on the circumstance, Apple may rely on your consent or the fact that the processing is necessary to fulfill a contract with you, protect your vital interests or those of other persons, or to comply with law. We may also process your personal data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights, and expectations. If you have questions about the legal basis, you can contact the Data Protection Officer at apple.com/legal/privacy/contact."

Apple says it does not share your data with third parties for commercial or marketing purposes. In June 2021, Apple announced that it will no longer send Siri requests to its servers, but instead will process them at the device level.

Apple say they can deliver ads to you on their services, and you can opt out of those targeted ads if you chose. "Ads that are delivered by Apple’s advertising platform may appear in Apple News, Stocks, or in the App Store. If you do not want to receive ads targeted to your interests from Apple's advertising platform in those apps, you can choose to disable Personalized Ads, which will opt your Apple ID out of receiving such ads regardless of what device you are using."

How the company says they may share data with law enforcement:

Apple may also disclose information about you if they determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

How can you control your data?

"Apple retains personal data only for so long as necessary to fulfill the purposes for which it was collected, including as described in this Privacy Policy or in our service-specific privacy notices, or as required by law. We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy and our service-specific privacy summaries. When assessing retention periods, we first carefully examine whether it is necessary to retain the personal data collected and, if retention is required, work to retain the personal data for the shortest possible period permissible under law."

Apple grants you right to delete or access your data.

"There may be situations where we cannot grant your request — for example, if you ask us to delete your transaction data and Apple is legally obligated to keep a record of that transaction to comply with law. We may also decline to grant a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns. Other reasons your privacy request may be denied are if it jeopardizes the privacy of others, is frivolous or vexatious, or would be extremely impractical."

You can erase all data from your Apple Watch. Open the Settings app on your Apple Watch. Go to General > Reset, tap Erase All Content and Settings, then enter your passcode.

What is the company’s known track record of protecting users’ data?

Needs Improvement

In 2022, Apple identified and patched serious security vulnerabilities, one that could allow hackers take full control of iOS devices.

In 2022, Apple allegedly gave user data to hackers who faked being law enforcement and forged requests for information.

In 2021, Apple had a recent serious spyware security vulnerability called Pegaus that infected iPhones and other Apple devices.

In 2021, a major data leak was reported of 61 million fitness tracker data records, including Apple's Healthkit data, by the third party company GetHealth. In September 2021, a group of security researchers discovered GetHealth had an unsecured database containing over 61 million records related to wearable technology and fitness services. GetHealth accessed health data belonging to wearable device users around the world and leaked it in an non-password protected, unencrypted database. The list contained names, birthdates, weight, height, gender, and geographical location, as well as other medical data, such as blood pressure.

Child Privacy Information

"Apple understands the importance of safeguarding the personal data of children, which we consider to be an individual under the age of 13 or the equivalent age as specified by law in your jurisdiction. That is why Apple has implemented additional processes and protections to help keep children's personal data safe.

To access certain Apple services, a child must have a child Apple ID. A child Apple ID may be created by the parent or, in the case of a Managed Apple ID, by the child's educational institution."

Can this product be used offline?

Yes

User-friendly privacy information?

Yes

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Apple has a bug bounty program, which means that anyone who finds a security issue and discloses it responsibly may get paid.

Privacy policy

Yes

Does the product use AI? information

Yes

Some of Apple's AI research can be found at https://machinelearning.apple.com/.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Apple states in its privacy policy, "Apple does not take any decisions involving the use of algorithms or profiling that significantly affect you." Apple employs machine learning in many different ways, from using it to to improve Siri to using it to sharpen the photos that you take.

Is the company transparent about how the AI works?

Yes

Does the user have control over the AI features?

Can’t Determine

*privacy not included

Dive Deeper

  • 61M Fitbit, Apple Users Had Data Exposed in Wearable Device Data Breach
    Health IT Security
  • Apple warns of security flaws in iPhones, iPads and Macs
    NPR
  • Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
    Bloomberg
  • Security News This Week: Fake Cops Scammed Apple and Meta to Get User Data
    Wired
  • Apple Issues Emergency Security Updates to Close a Spyware Flaw
    The New York Times
  • Improving Siri’s privacy protections
    Apple
  • Apple resumes human reviews of Siri audio
    Associated Press
  • Apple apologises for allowing workers to listen to Siri recordings
    The Guardian
  • Apple’s AI plan: a thousand small conveniences
    The Verge
  • Apple vs. Feds: Is iPhone Privacy a Basic Human Right?
    Harvard Business School Working Knowledge
  • How can US law enforcement agencies access your data? Let’s count the ways
    The Guardian
  • How to ensure Apple Health cycle tracking data stays private
    AppleInsider
  • Should You Worry About Data From Your Period-Tracking App Being Used Against You?
    Kaiser Health News
  • Period tracking apps could see their data legally protected; how to secure yours
    9to5Mac

Comments

Got a comment? Let us hear it.